Вы находитесь на странице: 1из 12

CHAPTER 9

Installing and Configuring the Secure Access


Control System with the Cisco SNS-3415 and
Cisco SNS-3495

This chapter describes how to install and initially configure the Cisco SNS-3415 or Cisco SNS-3495 and
the ACS 5.5 server.
This chapter contains:
• Installing ACS on the Cisco SNS-3415/3495 Appliance, page 9-1
• Downloading the Cisco Secure ACS 5.5 ISO Image, page 9-2
• Installing the ACS Server, page 9-2
• Resetting the Administrator Password, page 9-10
• Reimaging the Cisco SNS-3415/3495 Appliance, page 9-11

Installing ACS on the Cisco SNS-3415/3495 Appliance


The Cisco SNS-3415 or Cisco SNS-3495 appliance is preinstalled with the ACS 5.5 software. This
section gives you an overview of the installation process and the tasks that you must perform before
installing ACS.
Before you begin installing ACS 5.5, you must:
1. Open the box and check the contents. See Chapter 7, “Unpacking and Inspecting the Server.”
2. Read Chapter 6, “Introducing the Cisco SNS-3415 and Cisco SNS-3495 Hardware Appliances.”.
3. Read the general precautions and safety warnings in Chapter 7, “Preparing to Install the Cisco SNS
3415 and Cisco SNS 3495 Hardware Appliances.”
4. Install the appliance in the rack. See Chapter 7, “Preparing for Server Installation.”
5. Connect the Cisco SNS-3415 or Cisco SNS-3495 to the network and appliance console. See
Chapter 8, “Connecting Cables.”
6. Power up the Cisco SNS-3415 or Cisco SNS-3495 appliance. See Chapter 8, “Connecting and
Powering On the Cisco SNS-3415/3495 Appliance.”
7. Power up the Cisco SNS-3415 or Cisco SNS-3495 appliance to the network and appliance console.
See Chapter 8, “Connecting Cables.”

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
OL-28603-01 9-1
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Downloading the Cisco Secure ACS 5.5 ISO Image

8. Run the setup command at the CLI prompt to configure the initial settings for the ACS server. See
Running the Setup Program, page 9-6. The setup can be done by using the appliance console or
CIMC.
You can use the Cisco UCS Server Configuration Utility, Release 3.0 User Guide to configure the
Cisco SNS-3415 or Cisco SNS-3495 appliance. You can also see the Cisco UCS C-Series Rack Server
guides for more information on Cisco SNS-3415 or Cisco SNS-3495 appliance.

Downloading the Cisco Secure ACS 5.5 ISO Image


You can download the Cisco Secure ACS 5.5 ISO image from Cisco.com

Step 1 Go to http://www.cisco.com/go/acs. You must already have a valid Cisco.com login credentials to access
this link.
Step 2 Click Download Software.
The Cisco Secure ACS Release 5.5 software image appears on the Cisco.com page. You can test all the
Cisco ACS services once your installation and initial configuration are complete.

Note You can download the ACS 5.x software images from Cisco.com only when you have a valid Software
Application Support (SAS) contract for a previous version of ACS 5.x software. If you do not have a
valid SAS contract for a previous version, you must contact your Sales Engineer (SE), Accounts
Manager (AM), or Cisco partners to publish the software image on Cisco.com to the specific customers
account.

Installing the ACS Server


After you download the Cisco Secure ACS 5.5 ISO image, you can use any of the following options to
install and set up the Cisco Secure ACS 5.5 software on your appliance:
• Configure the Cisco Integrated Management Interface (CIMC) and use it to install Cisco Secure
ACS 5.5 remotely via the network. See Configuring CIMC, page 8-5, Installing ACS 5.5 on the
Cisco SNS-3415/3495 Appliance Remotely Using CIMC, page 9-2 and Running the Setup Program,
page 9-6.
• Create a bootable USB Drive and use it to install Cisco Secure ACS 5.5. See Creating a Bootable
USB Drive, page 9-5, Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Using the USB
Drive, page 9-4, and Running the Setup Program, page 9-6.

Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Remotely Using


CIMC
After you have configured the CIMC for your appliance, you can use it to manage your Cisco SNS-3415
or Cisco SNS-3495 appliance. You can perform all operations including BIOS configuration on your
Cisco SNS-3415 or Cisco SNS-3495 appliance through the CIMC.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
9-2 OL-28603-01
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Step 1 Connect to the CIMC for server management. Connect Ethernet cables from your LAN to the server,
using the ports that you selected in NIC Mode setting. The Active-active and Active-passive NIC
redundancy settings require you to connect to two ports.
Step 2 Use a browser and the IP address of the CIMC to log in to the CIMC Setup Utility. The IP address is
based upon your CIMC config settings that you made (either a static address or the address assigned by
your DHCP server).

Note The default user name for the server is admin. The default password is password.

Step 3 Use your CIMC credentials to log in.


Step 4 Click Launch KVM Console.
Step 5 Click the Virtual Media tab.
Step 6 Click Add Image to select the ACS 5.5 ISO from the system running your client browser.
Step 7 Check the Mapped check box against the virtual CD/DVD drive that you have created.
Step 8 Click the KVM tab.
Step 9 Choose Macros > Ctrl-Alt-Del to boot the Cisco SNS-3415 or Cisco SNS-3495 appliance using the ISO
image.
Step 10 Enter F6 to bring up the boot menu. A screen similar to the following one appears.

Step 11 Select the CD/DVD that you mapped and press Enter. The following message is displayed.
Welcome to the Cisco Secure ACS 5.5 Recovery
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Secure ACS Installation (Keyboard/Monitor)
[2] Cisco Secure ACS Installation (Serial Console)
[3] Recover administrator password (Keyboard/Monitor
[4] Recover administrator password (Serial Console)
<Enter> Boot existing OS from hard disk.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
OL-28603-01 9-3
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Enter boot option and press <Enter>


boot:
Step 12 At the boot prompt, enter 1 and press Enter.
Step 13 After you enter the network configuration parameters in the Setup mode, the appliance automatically
reboots, and returns to the shell prompt mode.
Step 14 Exit from the shell prompt mode. The appliance comes up.
Step 15 Continue with Verifying the Installation Process, page 5-5.

Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Using the USB
Drive
To install ACS 5.5 on the Cisco SNS-3415 or Cisco SNS-3495 appliance using the USB drive, complete
the following steps:

Before You Begin


You need to create a bootable USB drive. See Creating a Bootable USB Drive, page 9-5.

Step 1 Power on the Cisco SNS-3415 or Cisco SNS-3495 appliance.


Step 2 Plug in your bootable USB drive that has the Cisco Secure ACS ISO image into the USB port.
Step 3 Restart ACS and go to the BIOS mode.
Step 4 In the BIOS mode, choose boot from USB.
Step 5 Exit from the BIOS mode and click Save.
Step 6 Again, restart ACS and boot from USB.
Step 7 Now, continue reimaging the Cisco SNS-3415 or Cisco SNS-3495 using the USB drive.
The following message is displayed.
Welcome to the Cisco Secure ACS 5.5 Recovery
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Secure ACS Installation (Keyboard/Monitor)
[2] Cisco Secure ACS Installation (Serial Console)
[3] Reset administrator password (Keyboard/Monitor
[4] Reset administrator password (Serial Console)
<Remove USB key and reboot to boot existing Hard Disk>
Please enter boot option and press <Enter>
boot:
Step 8 At the boot prompt, enter 1 and press Enter.
Step 9 After you enter the network configuration parameters in Setup mode, the appliance automatically
reboots and returns to the shell prompt mode.
Step 10 Exit from the shell prompt mode. The appliance comes up.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
9-4 OL-28603-01
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Step 11 Continue with Verifying the Installation Process, page 5-5.

Creating a Bootable USB Drive


The Cisco Secure ACS 5.5 ISO image contains a “Documentation\USB-Bootable-Scripts” directory that
has a Readme file and a script to create a bootable USB to install Cisco Secure Access Control System
5.5.

Before You Begin


• You should have read the Readme in the “Documentation\USB-Bootable-Scripts” directory.
• You need the following:
– Linux machine with RHEL-5 or RHEL-6, CentOS 5.x or CentOS 6.x. If you are going to use
your PC or MAC, ensure that you have installed a Linux VM on it.
– A 4-GB USB drive
– The iso-to-usb.sh script
• You should have access permissions to the drives in the local Linux machine.

Step 1 Plug in your USB drive into the USB port.


Step 2 Copy the iso-to-usb.sh script and the Cisco Secure ACS 5.5 ISO image to a directory on your linux
machine.
Step 3 Enter the following command:
iso-to-usb.sh source_iso usb_device
For example, # ./iso-to-usb.sh ACS_v5.5.0.46.0a.iso/dev/sdc where iso-to-usb.sh is the name of the
script, ACS_v5.5.0.46.0a.iso is the name of the ISO image, and /dev/sdc is your USB device.
The following success message is displayed.
*** W A R N I N G ***

THIS SCRIPT WILL DELETE ALL EXISTING CONTENT ON YOUR USB DRIVE: /dev/sdb/

ARE YOU SURE YOU WANT TO CONTINUE? [Y/N]: y

Deleting partition table on USB drive: /dev/sdb ...

Creating new partition table on USB drive: /dev/sdb ...

Formatting BOOT partition: /dev/sdb1 as VFAT ...

Formatting DATA partition: /dev/sdb2 as EXT2 ...

Copying syslinux files to USB partition: /dev/sdb1 ...

Copying ISO file to USB partition: /dev/sdb2 ...

DONE!

Step 4 Unplug your USB drive.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
OL-28603-01 9-5
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Note After you execute the command iso-to-usb.sh, your USB drive will be partitioned in a format where
non-Linux operating systems will not recognize all of the spaces available in it. To repartition your USB
drive for general purpose use with Windows or MAC operating system, you need to run the command
repurpose-usb.sh utility in this directory. This utility will repartition and reformat your USB key for
general use.

Running the Setup Program


This section describes the setup process to install the ACS server.
The setup program launches an interactive command-line interface (CLI) that prompts you for the
required parameters.
An administrator can use the console or a dumb terminal to configure the initial network settings and
provide the initial administrator credentials for the ACS 5.5 server using the setup program. The setup
process is a one-time configuration task.
To install the ACS server:

Step 1 Power on the appliance.


The setup prompt appears:
Please type ‘setup’ to configure the appliance
localhost login:
Step 2 At the login prompt, enter setup and press Enter.
The console displays a set of parameters. You must enter the parameters as described in Table 9-1.

Note You can interrupt the setup process at any time by typing Ctrl-C before the last setup value is entered.

Table 9-1 Network Configuration Parameters

Prompt Default Conditions Description


Host Name localhost First letter must be an ASCII character. Enter the hostname.
Length must be from 3 to 15 characters.
Valid characters are alphanumeric (A-Z,
a-z, 0-9), hyphen (-), and the first
character must be a letter.
Note When you intend to use AD ID
store and set up multiple ACS
instances with same name prefix,
use maximum of 15 characters as
the host name so that it does not
affect the AD functionality.
IPV4 IP Address None, network specific Must be a valid IPv4 address between Enter the IP address.
0.0.0.0 and 255.255.255.255.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
9-6 OL-28603-01
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Table 9-1 Network Configuration Parameters (continued)

Prompt Default Conditions Description


IPv4 Netmask None, network specific Must be a valid IPv4 address between Enter a valid netmask.
0.0.0.0 and 255.255.255.255.
IPv4 Gateway None, network specific Must be a valid IPv4 address between Enter a valid default gateway.
0.0.0.0 and 255.255.255.255.
Domain Name None, network specific Cannot be an IP address. Enter the domain name.
Valid characters are ASCII characters, any
numbers, hyphen (-), and period (.).
IPv4 Primary Name None, network specific Must be a valid IPv4 address between Enter a valid name
Server Address 0.0.0.0 and 255.255.255.255. server address.
Add/ another None, network specific Must be a valid IPv4 address between To configure multiple name
nameserver 0.0.0.0 and 255.255.255.255. servers, enter Y.
Note You can configure a maximum of
three name servers from ACS CLI.
NTP Server time.nist.gov Must be a valid IPv4 address between Enter a valid domain name
0.0.0.0 and 255.255.255.255 or a domain server or an IPv4 address.
name server.
Note You can configure a maximum of
three NTP servers from ACS CLI.
Timezone UTC Must be a valid local time zone. Enter a valid timezone.
SSH Service None, network specific None To enable SSH services,
enter Y.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
OL-28603-01 9-7
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Table 9-1 Network Configuration Parameters (continued)

Prompt Default Conditions Description


Username admin The name of the first administrative user. Enter the username.
You can accept the default or enter a new
username.
Must be from 3 to 8 characters, and must
be alphanumeric (A-Z, a-z, 0-9).
Admin Password None No default password. Enter your Enter the password.
password.
The password must be at least six
characters in length, have at least one
lowercase letter, one uppercase letter, and
one number.
In addition:
• Save the user and password
information for the account that you
set up for initial configuration.
• Remember and protect these
credentials because they allow
complete administrative control of the
ACS hardware, the CLI, and the
application.
• If you lose your administrative
credentials, you can reset your
password by using the ACS 5.5
installation CD.

The console requests for the parameters as shown below:


localhost login: setup
Enter hostname[]: acs-server-1
Enter IP address[]: a.b.c.d
Enter IP default netmask[]: 255.255.255.255
Enter IP default gateway[]: a.b.c.d
Enter default DNS domain[]: mycompany.com
Enter primary nameserver[]: a.b.c.d
Add secondary nameserver? Y/N : n
Add primary NTP server [time.nist.gov]: a.b.c.d
Add secondary NTP server? Y/N : n
Enter system timezone[UTC]:
Enable SSH service Y/N [N] : y
Enter username [admin]: admin
Enter password:
Enter password again:
Pinging the gateway...
Pinging the primary nameserver...

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
9-8 OL-28603-01
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Installing the ACS Server

Do not use `Ctrl-C' from this point on...


Appliance is configured
Installing applications...
Installing acs...
Generating configuration...
Rebooting...
After the ACS server is installed, the system reboots automatically.
Now, you can log into ACS using the CLI username and password that was configured during the
setup process.

Note You can use this username and password to log in to ACS only via the CLI.

Note The initial setup of the ACS 5.5 server should be configured with an IPv4 IP address. You can configure
the IPv6 IP address for your server only after the initial setup is completed.

Note ACS 5.5 supports IPv4 and IPv6 dual stack networking and does not support pure IPv6 network.

Verifying the Installation Process


To verify that you have correctly completed the installation process:

Step 1 When the system reboots, at the login prompt enter the username you configured during setup, and
press Enter.
Step 2 At password prompt, enter the password you configured during setup, and press Enter.
Step 3 Verify that the application has been installed properly by entering the show application command, and
press Enter.
The console displays:
<name> <Description>
acs Cisco Secure Access Control System 5.5

Step 4 At the system prompt, check the release and ACS version that are installed, by entering the show
application version acs command and pressing Enter.
The console displays:
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.5.0.46
Internal Build ID : B.221

Note The Version and Internal Build ID may change for different versions of this release.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
OL-28603-01 9-9
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Resetting the Administrator Password

Step 5 Check the status of ACS processes, at the system prompt by entering show application status acs,
and press Enter.
The console displays:
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'ntpd' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running

Note To get the latest ACS patches and to keep your ACS up-to-date, visit
http://software.cisco.com/download/navigator.html?i=rt

Resetting the Administrator Password


If you are not able to log in to the system due to the loss of the administrator password, you can use the
ACS 5.5 recovery DVD to reset the administrator password.

Note You can also use the bootable USB drive and CIMC to reset the administrator password.

To reset the administrator password:

Step 1 Power up the appliance.


Step 2 Insert the ACS 5.5 recovery DVD.
The console displays:
Welcome to Cisco Secure ACS 5.5 Recovery
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Secure ACS 5.5 Installation (Keyboard/Monitor)
[2] Cisco Secure ACS 5.5 Installation (Serial Console)
[3] Reset Administrator Password (Keyboard/Monitor)
[4] Reset Administrator Password (Serial Console)
<Enter> Boot from hard disk
Please enter boot option and press <Enter>.
boot:
To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video
monitor, or enter 4 if you are using a serial console port.

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
9-10 OL-28603-01
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Reimaging the Cisco SNS-3415/3495 Appliance

The console displays a set of parameters.


Step 3 Enter the parameters as described in Table 9-2.

Table 9-2 Password Reset Parameters

Parameter Description
Admin username Enter the number of the administrator whose password you want to reset.
Password Enter the new password for the administrator.
Verify password Enter the password again.
Save change & Reboot Enter Y to save.

The console displays:


Admin username:
[1]:admin
[2]:admin2
[3]:admin3
Enter number of admin for password recovery:1
Password:
Verify password:
Save change&reeboot? [Y/N]:

Reimaging the Cisco SNS-3415/3495 Appliance


You can either use CIMC or the bootable USB drive to reimage the Cisco SNS-3415 or Cisco SNS-3495
appliance with ACS 5.5.
To reimage the Cisco SNS-3415 or Cisco SNS-3495 appliance:
• Reimage using CIMC. See Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Remotely
Using CIMC, page 9-2
• Reimage using bootable USB drive. See Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance
Using the USB Drive, page 9-4

Regulatory Compliance
For regulatory compliance and safety information, see Regulatory Compliance and Safety Information
for Cisco Secure Access Control System. This document is available online at Cisco.com:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/regulatory/
compliance/csacsrcsi.html

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
OL-28603-01 9-11
Chapter 9 Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco
Regulatory Compliance

Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
9-12 OL-28603-01

Вам также может понравиться